Prevent premature hsplit() calls, and only trigger REHASH after hsplit()
Triggering a hsplit due to long chain length allows an attacker
to create a carefully chosen set of keys which can cause the hash
to use 2 * (2**32) * sizeof(void *) bytes ram. AKA a DOS via memory
exhaustion. Doing so also takes non trivial time.
Eliminating this check, and only inspecting chain length after a
normal hsplit() (triggered when keys>buckets) prevents the attack
entirely, and makes such attacks relatively benign.
(cherry picked from commit f14269908e5f8b4cab4b55643d7dd9de577e7918)
(which was itself cherry picked from commit f2a571dae7d70f7e3b59022834d8003ecd2df884)
(which was itself cherry picked (with changes) from commit f1220d61455253b170e81427c9d0357831ca0fac)

Avoid wraparound when casting unsigned size_t to signed ssize_t.
Practically, this only affects a perl compiled with 64-bit IVs on a 32-bit
system. In that instance a value of count >= 2**31 would turn negative
when cast to (ssize_t).
(cherry picked from commit 94e529cc4d56863d7272c254a29eda2b002a4335)

[perl #63886] 5.8.9 binary incompatibility with PL_perlio_mutex
On Mac OS X, the Modo application by Luxology, is a 3-D rendering program
that uses embedded perl. It works fine with perl 5.8.6 and 5.8.8, but with
5.8.9, certain operations either cause the app to crash or exit while in
the perl interpreter. I have tracked this down to the PL_perlio_mutex
variable not being initialized.
What I believe was the cause is the change to PERL_SYS_INIT3 (and
PERL_SYS_INIT) to be defined as a function call (Perl_sys_init3() or
Perl_sys_init(), respectively). With this change Perl_sys_init3() and
Perl_sys_init() now call MUTEX_INIT(&PL_perlio_mutex) (via the PERLIO_INIT
macro), instead of the function PerlIO_init() doing the initialization.
However, for embedded code compiled before 5.8.9, PERL_SYS_INIT3
was a macro that defined the initialization directly (no call to
Perl_sys_init3(), which didn't exist), but without PERLIO_INIT, which
wasn't defined before 5.8.9. Since PerlIO_init() now doesn't initialize
either, PL_perlio_mutex is left uninitialized, and this causes the crash
and premature exit noted above.
The workaround is to reinstate the PL_perlio_mutex initialization in
PerlIO_init(), but this means that MUTEX_INIT(&PL_perlio_mutex) may be
called twice in some cases. However, the crash/exit is avoided. Here is
the patch I used:

Fix #ifdef merging order error in change 27965, controlling (un)pack features.
(Commit 3314a176ae98f93ebb8341affdc541b51b4e0943 in new money)
PERL_PACK_CAN_W, and in a later commit PERL_PACK_CAN_DOT, are only supposed to
be #defined if PERL_VERSION >= 9.

It helps if you actually add your new file.2008-12-15T14:26:44ZNicholas Clarknick@ccl4.orgNicholas Clarknick@ccl4.org2008-12-15T14:26:44Zhttps://perl5.git.perl.org/perl.git/commitdiff/272222f7a9c9f3b2cee442a37431e79ad3a70b1f

It helps if you actually add your new file.
p4raw-id: //depot/maint-5.8/perl@35104

Best estimiate patch number for 5.8.9 release.2008-12-14T17:46:47ZNicholas Clarknick@ccl4.orgNicholas Clarknick@ccl4.org2008-12-14T17:46:47Zhttps://perl5.git.perl.org/perl.git/commitdiff/ad35fe93b63785a1916b39863d33eef04eee941b

Best estimiate patch number for 5.8.9 release.
p4raw-id: //depot/maint-5.8/perl@35093